Dr. InfoSec's Quotes of the Week (008)

"Insiders do not attack – instead they use legitimate accesses in support of their operations..." -- DARPA (US) Broad Agency Announcement for Project CINDER

Google CEO on Privacy (Ironic)

"I don't believe society understands what happens when everything is available, knowable and recorded by everyone all the time. [...] I mean we really have to think about these things as a society...." -- Eric Schmidt, CEO of Google

Security and Ostriches

"If you bury your head in the sand and you're unwilling to learn the methods of the bad guys you're more susceptible to fall for them..." -- Chris Hadnagy, Operations Manager for Offensive Security

ThreatPost On Disclosure

"Thinking that there's no one else out there who knows the details of a given zero-day flaw is one of the things that leads to ridiculously long gaps between disclosure and the release of a patch. Even in the case of a vulnerability for which all of the details aren't public, a bit of information combined with a short window of time before a patch is available can give attackers the head start they need to launch mass exploits..." -- Dennis Fisher, Editor at ThreatPost

Geer on Risk & Dependencies

"The root source of risk is dependence — dependence on system state, including dependence on expectations of system state reliability. Indeed, my definition of security has co-evolved with my understanding of risk and risk’s source, to where I currently define security as the absence of unmitigatable surprise. Thus, increasing dependence results in heightened difficulty in crafting mitigations. This increasing complexity embeds dependencies in a manner that may diminish the frequency of surprises; however, the surprises will be all the more unexpected when they inevitably occur. And that is the crux of the matter: our dependence on all things cyber as a society is now inestimably irreversible and irreversibly inestimable. That sounds more apocalyptic than I intend, but the competent risk manager always asks, “How bad could it be?” or, in the altogether American tortious style, “Who will have to pay?”..." -- Dan Geer, Chief Information Security Officer for In-Q-Tel

Harvard on Online Privacy

"As social media become more embedded in everyday society, the mismatch between the rule-based privacy that software offers and the subtler, intuitive ways that humans understand the concept will increasingly cause cultural collisions and social slips. But people will not abandon social media, nor will privacy disappear. They will simply work harder to carve out a space for privacy as they understand it and to maintain control, whether by using pseudonyms or speaking in code..." -- Danah Boyd, fellow at Harvard University's Berkman Center for Internet and Society

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
